Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Three engines
and 10 freight cars from a Union Pacific train derailed after colliding with a
semi-truck at a crossing in Ward County, Texas, August 3 halting eastbound rail
traffic while crews repaired about 1,000 feet of damaged track. – Odessa
American

7.
August 4, Odessa American – (Texas) Truck
driver injured in Ward County train derailment. Three engines and 10
freight cars from a Union Pacific train derailed after the train collided with
a semi-truck at a crossing in Ward County August 3 when the driver of the
semi-truck failed to yield the right of way to the train. The driver was
transported to an area hospital while eastbound rail traffic was halted through
Odessa August 4 while crews repaired about 1,000 feet of damaged track and
recovered cars. Source: http://www.oaoa.com/news/article_e994475a-1c29-11e4-9508-001a4bcf6878.html

· Fire crews
continued to fight several wildfires in Oregon and California that combined,
have burned thousands of acres, while three new fires have burned over 2,000
acres and compromised the Idaho Power transmission line in Wallowa County. – Portland
Oregonian

· Rapid 7
reported that multi-function printers from several companies contain
vulnerabilities that can allow an attacker to access usernames, email
addresses, and passwords from corporate Active Directory accounts. – The
Register See item 20
below in the Information Technology
Sector

· A faulty air
conditioner is believed to be the cause of a fire that broke out August 4 at
the Fair Haven strip mall in Jesup, Georgia, destroying 7 businesses as well as
an office space and a church. – WSAV 3 Savannah

27.
August 5, WSAV 3 Savannah – (Georgia) Jesup
fire believed to have begun with air conditioner. A faulty air conditioner
is believed to be the cause of a fire that broke out August 4 at the Fair Haven
strip mall in Jesup, destroying 7 businesses as well as an office space and a
church. Source: http://www.wnct.com/story/26195879/jesup-shopping-center-goes-up-in-flames

Financial Services Sector

3. August
4, U.S. Securities and Exchange Commission – (California) SEC
charges California-based broker with stealing money from accounts. The U.S.
Securities and Exchange Commission charged the former sole owner of Thornes
& Associates, Inc., in Redlands with stealing $4.4 million from a two
brokerage accounts under his control and paying out the funds to two friends
and for personal use. The former owner agreed to settle the charges by paying
roughly $4.4 million in disgorgement, plus interest, and nearly $4.4 million in
penalties. Source: http://www.sec.gov/litigation/litreleases/2014/lr23058.htm

20. August 5, The Register – (International) Multi function p0wnage just getting
worse, researcher finds. A researcher with Rapid 7 reported that
multi-function printers from several companies contain vulnerabilities that can
allow an attacker to access usernames, email addresses, and passwords from
corporate Active Directory accounts. The researcher and his team reported being
able to gain access to corporate networks in 40-50 percent of attempts. Source:
http://www.theregister.co.uk/2014/08/05/printer_pwnage_just_getting_worse_researcher_finds/

21. August 5, Help Net Security – (International) DDoS attack volumes plummet as NTP
servers got patched. Black Lotus released its Q2 2014 Threat Report which
found that patching weaknesses in systems decreased distributed reflection
denial of service (DrDoS) attacks by 86 percent in the second quarter of 2014
while multi-vector attacks such as TCP SYN and HTTP GET attacks increased 140
percent during the quarter, among other findings. Source: http://www.net-security.org/secworld.php?id=17206

22. August 5,
Securityweek – (International) Mobile users
targeted with SandroRat posing as security software. Researchers with
McAfee identified a campaign targeting Android users in Europe which disguises
the SandroRat malware as a Kaspersky mobile security app to trick users into
installing it. The malware is spread via text messages and emails and purports
to be from a bank as a means of enhancing mobile security. Source: http://www.securityweek.com/mobile-users-targeted-sandrorat-posing-security-software

23. August 5,
Securityweek – (International) Flaw enabled
access to internal Yahoo administration panel. A researcher with RMSEC
identified and reported an issue with Yahoo that allowed him to guess a correct
URL and then be logged into an internal content management system (CMS) with
full administrator rights. Yahoo closed the issue after being informed by the researcher.
Source: http://www.securityweek.com/flaw-enabled-access-internal-yahoo-administration-panel

24. August 5,
Securityweek – (International) Apache Cordova
vulnerabilities expose Android apps. IBM Security Systems researchers
identified three vulnerabilities in the Apache Cordova developer APIs that
could allow attackers to steal sensitive information from applications created
using Apache Cordova. The Apache Cordova development team was notified by the
researchers prior to public disclosure and an update was released August 4 that
closes the flaws. Source: http://www.securityweek.com/apache-cordova-vulnerabilities-expose-android-apps

25. August 4,
Threatpost – (International) RAT malware
communicating via Yahoo Mail. A researcher with G-Data published an
analysis of a remote access trojan (RAT) known as IcoScript that has mostly
gone undetected since 2012 and uses Yahoo Mail to communicate with its
controllers to avoid creating suspicious traffic. The RAT could also be
modified to use Gmail or other webmail providers. Source: http://threatpost.com/rat-malware-communicating-via-yahoo-mail

Communications Sector

See
item 17 from the Emergency Sectorand 26 from the Commercial Facilities Sector
below:

26.
August 5, Aspen Daily News –
(Colorado) Power outage closes dozen of Aspen businesses. Construction
crews severed a main electric feeder line August 4 that left many residents in
downtown Aspen without power and closed dozens of businesses for nearly 11
hours for repairs. AT&T cell service for customers was also down due to the
power being cut off to a cell phone tower. Source: http://www.aspendailynews.com/section/home/163320

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"